Attention Debian Developers:
I was recently thinking that there may be a possibility to migrate to
Gopher all of the package archives hosted by Debian which currently use FTP.
The Internet Gopher protocol was created in March 1993 by Bob Alberti,
Farhad Anklesaria, Mark McCahill, Paul Lindner, David Johnson, and
Daniel Torrey. Its goal was to provide a consistent organization of
Internet resources by way of a file-and-folder metaphor. Though the
Gopher protocol was almost outlasted by HTTP, some Gopher sites still
exist today.
However, the File Transfer Protocol, or FTP, was created in 1971 (no
author information is available from RFC 114), almost specifically for
the computers of then, which simply behaved as peers. FTP account
passwords are sent in plain text, which can make them vulnerable from
packet sniffing - which is a concern especially in this era after the
revelations made by Edward Snowden. Also, plain-text files that contain
critical, sensitive information, such as credit card numbers or bank
securities - and are not encrypted with a strong-enough password or key
- are also vulnerable from packet sniffing.
But the security issues I know of in Gopher are only specific ones that
exist in particular Gopher server implementations, not in the protocol
itself.
This should be implemented through the following procedure, if possible:
1. Instantiating a new server at <gopher://gopher.debian.org/> (it
probably should have Debian installed).
2. Installing new servers at <gopher://gopher.[c-code].debian.org/> for
every [c-code] (for example "us", "ja", "gb") where there is a
server at <ftp://ftp.[c-code].debian.org/>.
3. Have a grace period of at least 90 days, so users of Debian who use
the existing FTP package archive can migrate to the new Gopher archive.
This should not directly affect mirrors or master archives of any
operating system derived from Debian (including Ubuntu) or of any
operating system from which Debian is itself derived.
I would much appreciate your cooperation.
Sincerely,
Ryan Cunningham
